How CIOs can maintain cloud control

Quint’s Eus Pontenagel offers a checklist for ensuring the introduction of cloud services into a wider sourcing strategy does not prove disruptive.

Too many CIOs underestimate the impact that cloud services will have on their IT organizations, believes Eus Pontenagel, director of consulting at international IT management consultancy Quint Wellington Redwood (Quint). And for some that is leading to an erosion of control. The expectations on cloud to deliver significant benefits to the business are certainly running high, says Pontenagel. “To achieve the flexibility, agility and operational continuity that today’s businesses demand we need IT optimization. And, for many, IT optimization means cloud. To have access to data and services anywhere and from any device the answer is, apparently, cloud. To support enormous numbers of users, big data and millions of connected end-points, again the answer is cloud,” he says. But rather than treating cloud as a panacea, CIOs need to see the model for what it is: a new channel for IT service provisioning, he says — albeit an extremely potent one. That raises a whole series of questions, according to Pontenagel. How does the introduction of cloud services impact existing sourcing strategy? How do CIOs and sourcing experts structure new, cloud-specific contracts? How do they assess and select cloud partners? And how do they successfully achieve the integration that is needed between external cloud services and existing (or future) parts of their home-grown IT estate?

Different channel, different rules

Above all, CIOs need to appreciate that they can’t simply impose the rules and regulations they’ve used historically for third-party services on this new channel, Pontenagel argues. They need to accept that cloud has its own dynamics — dynamics that point to a loss of control unless clearly understood. And he outlines a checklist of some of the areas that IT leaders need to consider when introducing cloud services:

Service catalog management IT organizations can expect difficulties in keeping track of cloud services as end-users have the scope to purchase pay-as-you-go services in an ad hoc fashion, making the maintenance of any kind of single, consistent catalog of agreed services a big — and ongoing — challenge.

Service level management As cloud services are effectively a ‘black box’ of functionality, traditional ways of monitoring and managing service levels — and defining service level agreements — need to be rewritten.

Capacity and availability management With cloud, responsibility for this shifts to the service provider, with the customer focusing on network uptime and the performance delivered.

Information security IT teams need to be cognizant of the fact that the cloud vendor largely defines the way security is handled for the service, including where data and infrastructure are located and the extent to which it uses public networks.

Access management As this will be different for each cloud service a new challenge is how access, responsibilities and authorizations are handled (at least until standards emerge that provide universal access management across different clouds).

Event/incident management The loss of control extends to the resolution of incidents and problems. Due to the black box nature of a cloud service, any root cause analysis is entrusted to the cloud service provider, making the process more complex and less predictable.

Financial management With the switch from capex to opex investment in IT and shorter contract cycles that are hallmarks of cloud, budgeting needs to be rethought.

There also needs to be a new agenda at both a business and partner relationship level, says Pontenagel. The CIO and their teams need to take on a wider role in ensuring that the rest of the business understands the scope and value of the cloud services available on the market, he says, and how it makes sense for IT to be brought in to help provision those and ensure that they are integrated into the wider environment. “With approval of a cloud service as easy as swiping a credit card, influencing and understanding user demand is more important than ever,” he highlights.

On the other side of the sourcing relationship, suppliers also need to be brought closer to IT teams. “As your IT is effectively part of their black box solution, you need to ensure you can influence development (albeit along with numerous other customers), even though release cycles are not in your control,” Pontenagel points out. That said, IT executives also need to map out an exit strategy for when things go wrong or requirements end, he says, and how that differs from the processes surrounding the end of traditional contracts — both from a legal and technical point of view.

New roles and cultures

IT managers need to accept a level of detachment, he argues. “Unlike traditional outsourcing, where the relationship between companies is personalized and based on strategic match and cultural alignment, when the provider takes over much of the responsibility and accountability for the service, cloud means we cannot identify and personalize any more,” he says. So going behind the scenes before you buy is not really an option. “Cloud is about buying to satisfy a particular need, which means the business user doesn’t really care what lies behind the application or service. That’s going to be revolutionary for IT executives, because today they actually want to talk to their service providers and look under the hood to make sure they understand everything about the service delivery,” says Pontenagel. As that highlights, cloud is about letting go — at least partially. “It is a channel, part of your sourcing strategy,” he says. “If you buy a cloud service you will have a control issue. So there need to be new ways of managing and controlling.”